
In April 2025, Marks & Spencer – one of the UK’s leading retailers – disclosed that they had experienced a cyberattack which disrupted their online operations and left customer data vulnerable.
This attack made headlines in Britain and beyond, and it has highlighted the critical importance of strong information security practices for modern-day businesses.
The Attack
The attack on Marks & Spencer is said to have been orchestrated by a group of teens and young adults called ‘Scattered Spider’. The hackers are believed to have used a SIM-swapping technique to gain unauthorised access to the company’s systems, exploiting vulnerabilities in a third-party service provider’s network. As a result, M&S was forced to suspend online orders for almost two months, leading to an estimated loss of £300 million in operating profits.
The breach also compromised the personal data of thousands of customers, leading to further concerns about potential identity theft and fraud.
The Importance of Information Security Systems
The M&S cyberattack underlines just how necessary it is for businesses to adopt a comprehensive information security management system (ISMS). A good way to ensure that your ISMS is up to snuff – and to reassure your customers that their data is secure – is to obtain ISO 27001 certification.
ISO 27001 is the internationally recognised standard for information security management systems. An organisation that has implemented an ISMS can obtain ISO 27001 certification to prove that its system conforms to this global standard and to demonstrate to stakeholders that the company takes cyber security seriously.
Weak security systems can make it easy for cyber criminals to access sensitive data (e.g. customer names and contact details). By implementing a robust ISMS and getting this system certified to ISO 27001, you can protect your company’s and your customers’ sensitive information.
ISO 27001 Requirements
In order to obtain ISO 27001 certification, your organisation must implement an information security management system (ISMS) that conforms to the ISO 27001 standard.
This means that your ISMS must be…
- Properly documented
- Tailored to your business
- Implemented throughout the entire organisation
Once you have implemented an ISMS that meets ISO 27001 requirements, we at ISO Accelerator will conduct a remote audit to make sure there are zero non-conformities. If successful, we will issue your ISO 27001 certificate. All without any time-consuming meetings or consultation sessions!
Contact ISO Accelerator today to discuss your ISO 27001 requirements. Our remote certification process is streamlined to help you get certified with minimum hassle while also keeping costs down.